Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Using the AES-GMAC Algorithm with the Cryptographic Message Syntax (CMS)
RFC 9044

Yes

Roman Danyliw

No Objection

Erik Kline

Martin Duke

Murray Kucherawy

Robert Wilton

Warren Kumari

Éric Vyncke

(Alissa Cooper)

(Alvaro Retana)

(Barry Leiba)

(Benjamin Kaduk)

(Deborah Brungard)

(Magnus Westerlund)

(Martin Vigoureux)

Note: This ballot was opened for revision 03 and is now closed.

Roman Danyliw

Yes

Erik Kline

No Objection

Martin Duke

No Objection

Murray Kucherawy

No Objection

Robert Wilton

No Objection

Comment (2021-02-23 for -03) Not sent

Easy to read and understand.  Thank you.

Warren Kumari

No Objection

Comment (2021-02-25 for -03) Not sent

Thank you - even I understood some of it :-)

Éric Vyncke

No Objection

Alissa Cooper Former IESG member

No Objection

No Objection (for -03) Not sent

Alvaro Retana Former IESG member

No Objection

No Objection (for -03) Not sent

Barry Leiba Former IESG member

No Objection

No Objection (for -03) Not sent

Benjamin Kaduk Former IESG member

No Objection

No Objection (2021-02-23 for -03) Sent

Section 7

   Implementers should be aware that cryptographic algorithms become
   weaker with time.  As new cryptanalysis techniques are developed and
   computing performance improves, the work factor to break a particular
   cryptographic algorithm will reduce.  Therefore, cryptographic
   algorithm implementations should be modular allowing new algorithms
   to be readily inserted.  That is, implementers should be prepared to
   regularly update the set of algorithms in their implementations.

I think that BCP 201 is a good reference for further reading here.

Section 8.2

If we're importing ASN.1 bits from RFC 5912, doesn't that make it a
normative reference?

Deborah Brungard Former IESG member

No Objection

No Objection (for -03) Not sent

Magnus Westerlund Former IESG member

No Objection

No Objection (2021-02-25 for -03) Sent

Should there be any comments in the security consideration section about the security implications of using 96-bit truncated tags? 

I know that shorter tags have significant vulnerabilities against forgery attempts where successful forgery can be detected. John Mattsson and I wrote a paper identifying why shorter tags would be very bad in SRTP in 2015. https://eprint.iacr.org/2015/477.pdf

I guess the possibility to figure out if CMS forgery attempts are successful depends on what the CMS is used for.

Martin Vigoureux Former IESG member

No Objection

No Objection (for -03) Not sent

Using the AES-GMAC Algorithm with the Cryptographic Message Syntax (CMS) RFC 9044

Using the AES-GMAC Algorithm with the Cryptographic Message Syntax (CMS)
RFC 9044